In the constructor for a GhApi object, the jwt_token parameter appears to be used as a bearer token, whereas the token parameter uses an Authorization: token prefix:
https://github.com/fastai/ghapi/blob/4fe9459c7e7bd631c7317eaa9d2365f14f2cb34d/ghapi/core.py#L96-L101
There are other types of bearer tokens apart from JWTs. In the app space, installation access tokens are also passed via a Bearer header, but are not JWTs. These look more like PATs, starting with ghs_.
I might recommend:
- clarifying the documentation on different ways to authenticate to the GitHub API, or pointing at the appropriate GitHub docs.
- rename the current
jwt_token arg to something like bearer_token
- raise a non-fatal warning when
jwt_token is specified, asking developers to use the appropriately-named bearer_token arg.
In the constructor for a
GhApiobject, thejwt_tokenparameter appears to be used as a bearer token, whereas thetokenparameter uses anAuthorization: tokenprefix:https://github.com/fastai/ghapi/blob/4fe9459c7e7bd631c7317eaa9d2365f14f2cb34d/ghapi/core.py#L96-L101
There are other types of bearer tokens apart from JWTs. In the app space, installation access tokens are also passed via a
Bearerheader, but are not JWTs. These look more like PATs, starting withghs_.I might recommend:
jwt_tokenarg to something likebearer_tokenjwt_tokenis specified, asking developers to use the appropriately-namedbearer_tokenarg.